Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger
Critical Thinking - Bug Bounty Podcast12 Dec 2024

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI application vulnerabilities. They talk through the importance of understanding system prompts, and various obfuscation techniques used to bypass security measures, the best AI platforms, and the evolving landscape of AI security.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec

Today’s Guest: https://x.com/wunderwuzzi23

Resources

Johann's blog

https://embracethered.com/blog/

zombais

https://embracethered.com/blog/posts/2024/claude-computer-use-c2-the-zombais-are-coming/

Copirate

https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/

Timestamps

(00:00:00) Introduction

(00:01:59) Biggest things to look for in AI hacking

(00:11:58) Best AI companies to hack on

(00:15:59) URL Redirects and Obfuscation Techniques

(00:24:05) Copirate

(00:35:50) prompt injection guardrails and threats

Avsnitt(170)

Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways

Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways

Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! T...

15 Maj 20251h 45min

Episode 121: Slonser’s Image Injection 0-day -> ATO & New Caido Collab Plugin

Episode 121: Slonser’s Image Injection 0-day -> ATO & New Caido Collab Plugin

Episode 121: In this episode of Critical Thinking - Bug Bounty Podcast we cover so much news and research that we ran out of room in the description...Follow us on XShoutout to YTCracker for the aweso...

8 Maj 202557min

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expe...

1 Maj 20251h 36min

Episode 119: Abusing Iframes from a client-side hacker

Episode 119: Abusing Iframes from a client-side hacker

Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attac...

17 Apr 202533min

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a poly...

10 Apr 202558min

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and foc...

3 Apr 202532min

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware...

27 Mars 202526min

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about ...

20 Mars 20251h 40min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
rss-elektrikerpodden
bilar-med-sladd
skogsforum-podcast
rss-uppgang-och-fall
rss-laddstationen-med-elbilen-i-sverige
developers-mer-an-bara-kod
rss-veckans-ai
natets-morka-sida
bli-saker-podden
rss-powerboat-sverige-podcast
rss-technokratin
rss-fabriken-2
rss-snacka-om-ai
teknikveckan
hej-bruksbil
kodsnack
rss-digitala-influencer-podden